Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Malware Protector 2008


  • This topic is locked This topic is locked
16 replies to this topic

#1 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 05 June 2008 - 12:10 PM

Hey guys wassup.
I was on the internet lastnight and dld a bogus ActiveX control plugin filled with all kinds of goodies

I had a blue background with a yellow square saying download malware removal etc. along with cockroaches crawling from the sides of the screen.

Ive self helped myself to get rid of both of those and want to make sure i got it all cleaned up now

-EDIT-
( - Have come back & gotten rid of since then - )

Everytime the computer restarts my antivirus i dld for this purpose finds a trojan downloader ( same name each time) it says it gets rid of it but it keeps coming back

-END EDIT-

heres my Hijack log

thanks in advance








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:23, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - (no file)
O2 - BHO: (no name) - {1DDA422C-9545-02CA-8252-67557BD47B6D} - C:\WINDOWS\System32\xafb.dll (file missing)
O2 - BHO: (no name) - {1E8E477D-9547-0395-D552-67557BD4266E} - C:\WINDOWS\System32\hhxj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1} - C:\WINDOWS\system32\arrldhxg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093604524421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140671374508
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wvUKDWOH - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8947 bytes

Edited by Kresh, 05 June 2008 - 08:55 PM.

    Advertisements

Register to Remove


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 08 June 2008 - 06:37 PM

Hello

  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
  • Double-click FixIEDef.exe.
    Posted Image
  • Click the Extract Button.
    Posted Image
  • There will be a new folder on your desktop. Locate the FixIEDef folder and double click.
    Posted Image
  • Locate FixIEDef.bat and double-click on it.
    Posted Image

    WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process

    NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.

    FixIEDef will now run.
    Posted Image
  • You can safely close the Command Console after Explorer has restarted.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlog...processutil.htm




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 09 June 2008 - 10:31 AM

Thank you for your assistence when i open the first program you have told me to dl and run it comes up with a license acceptence/decline window and after pressing accept this is what i get 4534534.JPG I don't get a window or a folder as shown by your screenshots

#4 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 09 June 2008 - 10:41 AM

I went ahead and clicked scan and it removed the programs that it said it was designed todo in your screenshot then went ahead and did the dss heres those two logs


main.txt is first followed by extra.txt



Deckard's System Scanner v20071014.68
Run by Amy Melsoner on 2008-06-09 12:38:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-06-09 16:39:02 UTC - RP194 - Deckard's System Scanner Restore Point
9: 2008-06-09 00:33:46 UTC - RP193 - Microsoft OneCare Protection Checkpoint
8: 2008-06-06 00:44:30 UTC - RP192 - Microsoft OneCare Protection Checkpoint
7: 2008-06-05 20:34:49 UTC - RP191 - Microsoft OneCare Protection Checkpoint
6: 2008-06-05 19:07:55 UTC - RP190 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-06-05 18:27:44 UTC - RP185 - Microsoft OneCare Protection Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Amy Melsoner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:07, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Amy Melsoner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Amy Melsoner.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - (no file)
O2 - BHO: (no name) - {1DDA422C-9545-02CA-8252-67557BD47B6D} - C:\WINDOWS\System32\xafb.dll (file missing)
O2 - BHO: (no name) - {1E8E477D-9547-0395-D552-67557BD4266E} - C:\WINDOWS\System32\hhxj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1} - C:\WINDOWS\system32\arrldhxg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093604524421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140671374508
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wvUKDWOH - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8849 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S0 Winnt51 - c:\windows\system32\drivers\winnt51.sys (file missing)
S3 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Chic Tech.; Chic Tech.>
S3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 MusCVideo32 - c:\windows\system32\drivers\muscvideo32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: USB Human Interface Device
Device ID: USB\VID_046D&PID_C308&MI_01\6&27E0D56D&0&0001
Manufacturer: (Standard system devices)
Name: USB Human Interface Device
PNP Device ID: USB\VID_046D&PID_C308&MI_01\6&27E0D56D&0&0001
Service: HidUsb

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\3&13C0B0C5&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&13C0B0C5&0
Service: i8042prt


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-05 13:14:58 0 d-------- C:\VundoFix Backups
2008-06-05 12:44:04 0 dr-h----- C:\Documents and Settings\Amy Melsoner\Recent
2008-06-05 12:40:53 0 d-------- C:\Program Files\CCleaner
2008-06-05 12:32:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 12:27:58 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Uniblue
2008-06-05 11:39:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 11:39:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 11:39:30 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SUPERAntiSpyware.com
2008-06-05 11:36:33 0 d-------- C:\Program Files\Trend Micro
2008-06-05 04:49:27 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-05 03:23:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 01:48:03 377205 --ahs---- C:\WINDOWS\system32\LVEMnqss.ini2
2008-06-05 01:31:30 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be
2008-06-05 01:31:01 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-05 01:30:43 94208 --a------ C:\WINDOWS\eaps.exe
2008-06-04 12:48:18 0 d-------- C:\Documents and Settings\Amy Melsoner\.housecall6.6
2008-06-04 12:45:55 1396261 --a------ C:\RiskInstall.exe
2008-06-04 12:45:55 0 d-------- C:\RiskII
2008-06-04 12:45:42 0 d-------- C:\Program Files\Microprose
2008-06-04 12:35:59 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\WarZone
2008-06-04 12:35:57 0 d-------- C:\Program Files\WarZone
2008-06-02 21:58:15 0 d-------- C:\Program Files\Yahoo! Games
2008-06-02 20:55:21 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-02 19:42:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-02 19:39:43 0 d-------- C:\Program Files\Games
2008-06-02 19:36:54 0 d-------- C:\Program Files\AOL Games
2008-06-02 18:44:40 0 d-------- C:\Program Files\Risk
2008-06-02 18:44:40 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SpinTop
2008-06-02 17:36:27 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\iWin
2008-05-23 17:17:18 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Google
2008-05-23 17:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-18 22:33:49 0 d-------- C:\Program Files\Disney


-- Find3M Report ---------------------------------------------------------------

2008-06-05 11:39:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 10:22:14 0 d-------- C:\Program Files\Lavasoft
2008-06-05 04:41:45 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Lavasoft
2008-06-04 13:40:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 13:40:14 0 d-------- C:\Program Files\Common Files
2008-06-04 13:39:15 0 d-------- C:\Program Files\Shockwave.com
2008-05-31 01:13:05 4 --a------ C:\WINDOWS\system32\6BA852
2008-05-28 19:29:10 0 d-------- C:\Program Files\Starcraft
2008-05-25 20:34:00 0 d-------- C:\Program Files\Google
2008-05-23 17:16:36 0 d-------- C:\Program Files\Java
2008-05-18 22:50:10 0 d-------- C:\Program Files\World of Warcraft
2008-05-04 15:15:06 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Nexon
2008-05-04 15:14:26 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-26 16:20:28 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 16:18:28 0 d-------- C:\Program Files\Microsoft.NET


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{189A78B1-CEB8-45FD-9C12-4B9C8A965A58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DDA422C-9545-02CA-8252-67557BD47B6D}]
C:\WINDOWS\System32\xafb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8E477D-9547-0395-D552-67557BD4266E}]
C:\WINDOWS\System32\hhxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1}]
C:\WINDOWS\system32\arrldhxg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [12/20/2004 17:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 13:26]
"nwiz"="nwiz.exe" [04/19/2007 13:26 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 13:26]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 13:10]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [01/30/2008 16:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/23/2008 17:18]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [6/27/2004 2:27:19 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/08/2008 19:18 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUKDWOH]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqnMEVL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\SETUP.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8711 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-09 12:41:08 ------------















































































Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 511.49 MiB / 148.46 MiB
Pagefile Memory (total/avail): 1250.16 MiB / 794.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.72 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 44.8 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Disabled:CCP ExeFile"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Yahoo! Games\\Risk II\\RiskII.exe"="C:\\Program Files\\Yahoo! Games\\Risk II\\RiskII.exe:*:Enabled:Risk II"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Amy Melsoner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NONE-106LTBOVRL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Amy Melsoner
LOGONSERVER=\\NONE-106LTBOVRL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AMYMEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AMYMEL~1\LOCALS~1\Temp
USERDOMAIN=NONE-106LTBOVRL
USERNAME=Amy Melsoner
USERPROFILE=C:\Documents and Settings\Amy Melsoner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Amy Melsoner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Best Buy Digital Music Store --> C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClearView --> MsiExec.exe /I{D201B929-CF7B-4A50-9BAF-CFA94ACF763E}
CompuFoil3D --> C:\WINDOWS\iun6002.exe "C:\Program Files\CompuFoil3D\irunin.ini"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
FMS --> C:\Program Files\FMS\Uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{CA40DD4F-D30E-4622-8783-1ED1E81340C2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.32 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.30 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.0.2500.32 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Protected Music Converter 0.99.33b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Risk II (remove only) --> "C:\Program Files\Yahoo! Games\Risk II\Uninstall.exe"
Sansa Media Converter --> "C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sony Vegas Movie Studio 6.0b --> MsiExec.exe /X{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 2 Server RC2 --> "C:\Program Files\Teamspeak2_RC22\unins000.exe"
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type22123 / Error
Event Submitted/Written: 06/09/2008 00:23:40 PM
Event ID/Source: 5003 / TrueVector Service
Event Description:
TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified.

Event Record #/Type22122 / Error
Event Submitted/Written: 06/09/2008 00:23:40 PM
Event ID/Source: 5007 / TrueVector Service
Event Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\NONE-106LTBOVRL.ldb" was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB467.tmp". File "C:\WINDOWS\Internet Logs\NONE-106LTBOVRL.ldb" was corrupt and has been deleted.

Event Record #/Type22119 / Error
Event Submitted/Written: 06/09/2008 00:23:38 PM
Event ID/Source: 5007 / TrueVector Service
Event Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt, restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Event Record #/Type22118 / Error
Event Submitted/Written: 06/09/2008 00:23:37 PM
Event ID/Source: 5007 / TrueVector Service
Event Description:
TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB466.tmp". File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt and has been deleted.

Event Record #/Type22103 / Error
Event Submitted/Written: 06/08/2008 07:18:46 PM
Event ID/Source: 5003 / TrueVector Service
Event Description:
TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32129 / Warning
Event Submitted/Written: 06/05/2008 09:21:32 AM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {7864F8F4-DAD1-4D47-B5BF-547EE5839522}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name: C:\WINDOWS\system32\winlogon.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type32128 / Warning
Event Submitted/Written: 06/05/2008 09:21:26 AM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {18FFC4F3-B87D-4496-8ABA-513128396D08}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name: C:\WINDOWS\system32\winlogon.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type32127 / Warning
Event Submitted/Written: 06/05/2008 09:21:19 AM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {D437D179-CB91-44EE-B60A-0226EED2F9E6}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name: C:\WINDOWS\system32\winlogon.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type32126 / Warning
Event Submitted/Written: 06/05/2008 09:21:13 AM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {FD986A2D-1791-4D0D-A61C-2D0F037AF60F}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name: C:\WINDOWS\system32\winlogon.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00

Event Record #/Type32125 / Warning
Event Submitted/Written: 06/05/2008 09:21:07 AM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {56981D60-027F-4374-9A21-A9750E2A0929}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1944.05

Category: 1.5.1944.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name: C:\WINDOWS\system32\winlogon.exe

Detection Type: 1.5.1944.02

Status: 1.5.1944.00



-- End of Deckard's System Scanner: finished at 2008-06-09 12:41:08 ------------

#5 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 09 June 2008 - 12:35 PM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1DDA422C-9545-02CA-8252-67557BD47B6D} - C:\WINDOWS\System32\xafb.dll (file missing)
O2 - BHO: (no name) - {1E8E477D-9547-0395-D552-67557BD4266E} - C:\WINDOWS\System32\hhxj.dll (file missing)
O2 - BHO: (no name) - {B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1} - C:\WINDOWS\system32\arrldhxg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wvUKDWOH - C:\WINDOWS\


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\LVEMnqss.ini2
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\eaps.exe
    C:\WINDOWS\system32\6BA852
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
    D:\SETUP.EXE
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log

#6 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 09 June 2008 - 01:48 PM

Explorer killed successfully
C:\WINDOWS\system32\LVEMnqss.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinCtrl32.dll NOT unregistered.
C:\WINDOWS\system32\WinCtrl32.dll moved successfully.
C:\WINDOWS\eaps.exe moved successfully.
C:\WINDOWS\system32\6BA852 moved successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
File move failed. D:\SETUP.EXE scheduled to be moved on reboot.
< purity >
C:\WINDOWS\system32\Fоnts moved successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06092008_154506

Files moved on Reboot...
File move failed. D:\SETUP.EXE scheduled to be moved on reboot.








Deckard's System Scanner v20071014.68
Run by Amy Melsoner on 2008-06-09 15:50:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).


-- HijackThis (run as Amy Melsoner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:48, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Amy Melsoner\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AMYMEL~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093604524421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140671374508
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: wvUKDWOH - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8469 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 15:47:13 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-09 12:46:35 30080 --a------ C:\WINDOWS\system32\drivers\Winkp50.sys
2008-06-05 13:14:58 0 d-------- C:\VundoFix Backups
2008-06-05 12:44:04 0 dr-h----- C:\Documents and Settings\Amy Melsoner\Recent
2008-06-05 12:40:53 0 d-------- C:\Program Files\CCleaner
2008-06-05 12:32:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 12:27:58 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Uniblue
2008-06-05 11:39:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 11:39:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 11:39:30 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SUPERAntiSpyware.com
2008-06-05 11:36:33 0 d-------- C:\Program Files\Trend Micro
2008-06-05 04:49:27 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-05 03:23:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 01:31:30 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be
2008-06-04 12:48:18 0 d-------- C:\Documents and Settings\Amy Melsoner\.housecall6.6
2008-06-04 12:45:55 1396261 --a------ C:\RiskInstall.exe
2008-06-04 12:45:55 0 d-------- C:\RiskII
2008-06-04 12:45:42 0 d-------- C:\Program Files\Microprose
2008-06-04 12:35:59 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\WarZone
2008-06-04 12:35:57 0 d-------- C:\Program Files\WarZone
2008-06-02 21:58:15 0 d-------- C:\Program Files\Yahoo! Games
2008-06-02 20:55:21 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-02 19:42:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-02 19:39:43 0 d-------- C:\Program Files\Games
2008-06-02 19:36:54 0 d-------- C:\Program Files\AOL Games
2008-06-02 18:44:40 0 d-------- C:\Program Files\Risk
2008-06-02 18:44:40 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SpinTop
2008-06-02 17:36:27 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\iWin
2008-05-23 17:17:18 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Google
2008-05-23 17:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-18 22:33:49 0 d-------- C:\Program Files\Disney


-- Find3M Report ---------------------------------------------------------------

2008-06-05 11:39:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 10:22:14 0 d-------- C:\Program Files\Lavasoft
2008-06-05 04:41:45 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Lavasoft
2008-06-04 13:40:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 13:40:14 0 d-------- C:\Program Files\Common Files
2008-06-04 13:39:15 0 d-------- C:\Program Files\Shockwave.com
2008-05-28 19:29:10 0 d-------- C:\Program Files\Starcraft
2008-05-25 20:34:00 0 d-------- C:\Program Files\Google
2008-05-23 17:16:36 0 d-------- C:\Program Files\Java
2008-05-18 22:50:10 0 d-------- C:\Program Files\World of Warcraft
2008-05-04 15:15:06 0 d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Nexon
2008-05-04 15:14:26 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-26 16:20:28 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 16:18:28 0 d-------- C:\Program Files\Microsoft.NET


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1B8397B-F3BC-A96C-C90B-DDC868FE2AE1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [12/20/2004 17:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 13:26]
"nwiz"="nwiz.exe" [04/19/2007 13:26 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 13:26]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 13:10]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [05/28/2008 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [01/30/2008 16:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/23/2008 17:18]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [6/27/2004 2:27:19 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/09/2008 15:47 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUKDWOH]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqnMEVL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-09 15:51:18 ------------

#7 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 09 June 2008 - 03:18 PM

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#8 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 09 June 2008 - 10:41 PM

didnt turn off everything redoing scans

Edited by Kresh, 09 June 2008 - 10:58 PM.


#9 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 09 June 2008 - 11:14 PM

ComboFix 08-06-09.7 - Amy Melsoner 2008-06-10 1:02:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.258 [GMT -4:00]
Running from: C:\Documents and Settings\Amy Melsoner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\Winkp50.sys
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINKP50
-------\Service_Winkp50


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 15:45 . 2008-06-09 15:45 <DIR> d-------- C:\_OTMoveIt
2008-06-09 12:38 . 2008-06-09 12:38 <DIR> d-------- C:\Deckard
2008-06-05 13:14 . 2008-06-05 13:14 <DIR> d-------- C:\VundoFix Backups
2008-06-05 12:32 . 2008-06-10 00:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 12:32 . 2008-06-10 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 12:27 . 2008-06-05 12:27 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Uniblue
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SUPERAntiSpyware.com
2008-06-05 11:39 . 2008-06-05 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 11:36 . 2008-06-05 11:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 08:25 . 2007-03-29 08:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-05 08:25 . 2007-03-29 08:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-05 08:25 . 2007-03-29 08:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-06-05 03:23 . 2008-06-05 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 01:31 . 2008-06-05 01:31 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be
2008-06-04 12:49 . 2008-06-04 12:48 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-04 12:48 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\.housecall6.6
2008-06-04 12:45 . 2008-04-22 13:41 <DIR> d-------- C:\RiskII
2008-06-04 12:45 . 2008-06-04 12:45 <DIR> d-------- C:\Program Files\Microprose
2008-06-04 12:45 . 2008-04-22 13:42 1,396,261 --a------ C:\RiskInstall.exe
2008-06-04 12:35 . 2008-06-04 13:39 <DIR> d-------- C:\Program Files\WarZone
2008-06-04 12:35 . 2008-06-04 12:37 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\WarZone
2008-06-02 21:58 . 2008-06-02 21:58 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-06-02 20:55 . 2008-06-02 20:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-02 19:42 . 2008-06-02 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-02 19:39 . 2008-06-02 19:39 <DIR> d-------- C:\Program Files\Games
2008-06-02 19:36 . 2008-06-04 13:35 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 18:44 . 2008-06-02 19:12 <DIR> d-------- C:\Program Files\Risk
2008-06-02 18:44 . 2008-06-02 18:44 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SpinTop
2008-06-02 17:36 . 2008-06-02 17:36 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\iWin
2008-05-18 22:33 . 2008-05-18 22:33 <DIR> d-------- C:\Program Files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-10 04:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 19:48 356,864 ----a-w C:\WINDOWS\Internet Logs\xDB468.tmp
2008-06-09 19:48 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB469.tmp
2008-06-08 23:18 349,696 ----a-w C:\WINDOWS\Internet Logs\xDB466.tmp
2008-06-08 23:18 163,840 ----a-w C:\WINDOWS\Internet Logs\xDB467.tmp
2008-06-05 17:02 304,128 ----a-w C:\WINDOWS\Internet Logs\xDB464.tmp
2008-06-05 17:02 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB465.tmp
2008-06-05 16:44 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB462.tmp
2008-06-05 16:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB463.tmp
2008-06-05 14:58 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB461.tmp
2008-06-05 14:56 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB460.tmp
2008-06-05 14:22 --------- d-----w C:\Program Files\Lavasoft
2008-06-05 08:41 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Lavasoft
2008-06-05 08:27 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45F.tmp
2008-06-05 05:56 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45C.tmp
2008-06-05 05:55 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45E.tmp
2008-06-04 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:39 --------- d-----w C:\Program Files\Shockwave.com
2008-06-04 17:28 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45D.tmp
2008-06-04 00:35 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45A.tmp
2008-06-02 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:29 --------- d-----w C:\Program Files\Starcraft
2008-05-28 14:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45B.tmp
2008-05-26 00:34 --------- d-----w C:\Program Files\Google
2008-05-24 21:36 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB458.tmp
2008-05-23 21:16 --------- d-----w C:\Program Files\Java
2008-05-19 02:50 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 18:04 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB459.tmp
2008-05-13 06:02 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB456.tmp
2008-05-04 19:15 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Nexon
2008-05-04 19:14 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-03 21:49 12,288 ----a-w C:\WINDOWS\Internet Logs\xDB457.tmp
2008-05-02 21:13 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB455.tmp
2008-05-02 21:13 211,456 ----a-w C:\WINDOWS\Internet Logs\xDB454.tmp
2008-05-01 09:05 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB452.tmp
2008-04-26 20:20 --------- d-----w C:\Program Files\Microsoft Works
2008-04-26 20:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-09 14:08 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB453.tmp
2008-04-04 12:50 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB450.tmp
2008-03-13 12:49 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB451.tmp
2008-03-12 22:58 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB44E.tmp
2005-08-06 22:19 46,525 ---ha-w C:\Documents and Settings\Amy Melsoner\Application Data\ptads.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_ 0.37.33.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 04:27:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 05:06:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-27 19:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-14 14:02:30 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-10 04:58:37 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-14 14:02:31 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-10 04:58:37 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 14:02:31 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-10 04:58:37 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 14:02:31 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-10 04:58:37 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 14:02:31 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-10 04:58:37 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 14:02:31 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-10 04:58:37 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-14 14:02:31 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-10 04:58:37 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 14:02:31 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-10 04:58:37 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-14 14:02:31 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-10 04:58:37 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 14:02:30 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-10 04:58:37 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-01-30 16:33 477696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 17:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2004-06-27 14:27:19 422984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUKDWOH]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Yahoo! Games\\Risk II\\RiskII.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 20:16]
S0 Winnt51;Winnt51;C:\WINDOWS\system32\Drivers\Winnt51.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\lne100tx.sys [2001-08-17 12:12]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-12-28 15:50]
S3 MusCVideo32;MusCVideo32;C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-12-28 15:50]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 01:06:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-06-10 1:14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 05:13:06
ComboFix2.txt 2008-06-10 04:39:17

Pre-Run: 48,068,853,760 bytes free
Post-Run: 48,071,016,448 bytes free

193 --- E O F --- 2008-06-10 04:58:40
































Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:42, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093604524421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140671374508
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O20 - Winlogon Notify: wvUKDWOH - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7171 bytes

Attached Files

  • Attached File  log.txt   13.74KB   305 downloads


#10 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 10 June 2008 - 05:45 AM

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUKDWOH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt51.sys]

Driver::
Winnt51


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Advertisements

Register to Remove


#11 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 10 June 2008 - 09:41 PM

ComboFix 08-06-09.7 - Amy Melsoner 2008-06-10 23:11:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.269 [GMT -4:00]
Running from: C:\Documents and Settings\Amy Melsoner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amy Melsoner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINNT51
-------\Service_Winnt51


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-09 15:45 . 2008-06-09 15:45 <DIR> d-------- C:\_OTMoveIt
2008-06-09 12:38 . 2008-06-09 12:38 <DIR> d-------- C:\Deckard
2008-06-05 13:14 . 2008-06-05 13:14 <DIR> d-------- C:\VundoFix Backups
2008-06-05 12:32 . 2008-06-10 00:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 12:32 . 2008-06-10 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 12:27 . 2008-06-05 12:27 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Uniblue
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SUPERAntiSpyware.com
2008-06-05 11:39 . 2008-06-05 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 11:36 . 2008-06-05 11:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 08:25 . 2007-03-29 08:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-05 08:25 . 2007-03-29 08:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-05 08:25 . 2007-03-29 08:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-06-05 03:23 . 2008-06-05 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 01:31 . 2008-06-05 01:31 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be
2008-06-04 12:49 . 2008-06-04 12:48 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-04 12:48 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\.housecall6.6
2008-06-04 12:45 . 2008-04-22 13:41 <DIR> d-------- C:\RiskII
2008-06-04 12:45 . 2008-06-04 12:45 <DIR> d-------- C:\Program Files\Microprose
2008-06-04 12:45 . 2008-04-22 13:42 1,396,261 --a------ C:\RiskInstall.exe
2008-06-04 12:35 . 2008-06-04 13:39 <DIR> d-------- C:\Program Files\WarZone
2008-06-04 12:35 . 2008-06-04 12:37 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\WarZone
2008-06-02 21:58 . 2008-06-02 21:58 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-06-02 20:55 . 2008-06-02 20:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-02 19:42 . 2008-06-02 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-02 19:39 . 2008-06-02 19:39 <DIR> d-------- C:\Program Files\Games
2008-06-02 19:36 . 2008-06-04 13:35 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 18:44 . 2008-06-02 19:12 <DIR> d-------- C:\Program Files\Risk
2008-06-02 18:44 . 2008-06-02 18:44 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SpinTop
2008-06-02 17:36 . 2008-06-02 17:36 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\iWin
2008-05-18 22:33 . 2008-05-18 22:33 <DIR> d-------- C:\Program Files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-10 04:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 19:48 356,864 ----a-w C:\WINDOWS\Internet Logs\xDB468.tmp
2008-06-09 19:48 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB469.tmp
2008-06-08 23:18 349,696 ----a-w C:\WINDOWS\Internet Logs\xDB466.tmp
2008-06-08 23:18 163,840 ----a-w C:\WINDOWS\Internet Logs\xDB467.tmp
2008-06-05 17:02 304,128 ----a-w C:\WINDOWS\Internet Logs\xDB464.tmp
2008-06-05 17:02 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB465.tmp
2008-06-05 16:44 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB462.tmp
2008-06-05 16:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB463.tmp
2008-06-05 14:58 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB461.tmp
2008-06-05 14:56 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB460.tmp
2008-06-05 14:22 --------- d-----w C:\Program Files\Lavasoft
2008-06-05 08:41 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Lavasoft
2008-06-05 08:27 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45F.tmp
2008-06-05 05:56 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45C.tmp
2008-06-05 05:55 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45E.tmp
2008-06-04 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:39 --------- d-----w C:\Program Files\Shockwave.com
2008-06-04 17:28 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45D.tmp
2008-06-04 00:35 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45A.tmp
2008-06-02 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:29 --------- d-----w C:\Program Files\Starcraft
2008-05-28 14:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45B.tmp
2008-05-26 00:34 --------- d-----w C:\Program Files\Google
2008-05-24 21:36 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB458.tmp
2008-05-23 21:16 --------- d-----w C:\Program Files\Java
2008-05-19 02:50 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 18:04 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB459.tmp
2008-05-13 06:02 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB456.tmp
2008-05-04 19:15 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Nexon
2008-05-04 19:14 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-03 21:49 12,288 ----a-w C:\WINDOWS\Internet Logs\xDB457.tmp
2008-05-02 21:13 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB455.tmp
2008-05-02 21:13 211,456 ----a-w C:\WINDOWS\Internet Logs\xDB454.tmp
2008-05-01 09:05 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB452.tmp
2008-04-26 20:20 --------- d-----w C:\Program Files\Microsoft Works
2008-04-26 20:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-09 14:08 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB453.tmp
2008-04-04 12:50 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB450.tmp
2008-03-13 12:49 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB451.tmp
2008-03-12 22:58 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB44E.tmp
2005-08-06 22:19 46,525 ---ha-w C:\Documents and Settings\Amy Melsoner\Application Data\ptads.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_ 0.37.33.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 04:27:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 03:15:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 23:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-10-27 19:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-14 14:02:30 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-10 04:58:37 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-14 14:02:31 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-10 04:58:37 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 14:02:31 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-10 04:58:37 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 14:02:31 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-10 04:58:37 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 14:02:31 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-10 04:58:37 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 14:02:31 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-10 04:58:37 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-14 14:02:31 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-10 04:58:37 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 14:02:31 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-10 04:58:37 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-14 14:02:31 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-10 04:58:37 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 14:02:30 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-10 04:58:37 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2007-12-27 21:39:04 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-10 05:19:40 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-01-30 16:33 477696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 17:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2004-06-27 14:27:19 422984]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Yahoo! Games\\Risk II\\RiskII.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 20:16]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\lne100tx.sys [2001-08-17 12:12]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-12-28 15:50]
S3 MusCVideo32;MusCVideo32;C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-12-28 15:50]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-06-10 23:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 03:23:19
ComboFix2.txt 2008-06-10 05:14:05
ComboFix3.txt 2008-06-10 04:39:17

Pre-Run: 48,099,651,584 bytes free
Post-Run: 48,089,849,856 bytes free

193 --- E O F --- 2008-06-10 04:58:40







My internet does not work through my router on any of my 3 computers now i had to plug this computer into the modem to post this

#12 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 10 June 2008 - 09:46 PM

plugged everything back into router & unplugged/replugged it back in and is ok now

#13 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 11 June 2008 - 05:43 AM

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall






Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log

#14 Kresh

Kresh

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 11 June 2008 - 09:59 PM

ComboFix 08-06-09.7 - Amy Melsoner 2008-06-11 23:56:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.264 [GMT -4:00]
Running from: C:\Documents and Settings\Amy Melsoner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amy Melsoner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Amy Melsoner\Application Data\shcet6j0e7be

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 10:00 . 2008-06-11 10:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 09:50 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:45 . 2008-06-09 15:45 <DIR> d-------- C:\_OTMoveIt
2008-06-09 12:38 . 2008-06-09 12:38 <DIR> d-------- C:\Deckard
2008-06-05 13:14 . 2008-06-05 13:14 <DIR> d-------- C:\VundoFix Backups
2008-06-05 12:32 . 2008-06-10 00:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 12:32 . 2008-06-10 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 12:27 . 2008-06-05 12:27 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\Uniblue
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 11:39 . 2008-06-10 00:54 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SUPERAntiSpyware.com
2008-06-05 11:39 . 2008-06-05 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 11:36 . 2008-06-05 11:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 08:25 . 2007-03-29 08:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-05 08:25 . 2007-03-29 08:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-05 08:25 . 2007-03-29 08:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-05 08:25 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-06-05 03:23 . 2008-06-05 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 12:49 . 2008-06-04 12:48 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-04 12:48 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\.housecall6.6
2008-06-04 12:45 . 2008-04-22 13:41 <DIR> d-------- C:\RiskII
2008-06-04 12:45 . 2008-06-04 12:45 <DIR> d-------- C:\Program Files\Microprose
2008-06-04 12:45 . 2008-04-22 13:42 1,396,261 --a------ C:\RiskInstall.exe
2008-06-04 12:35 . 2008-06-04 13:39 <DIR> d-------- C:\Program Files\WarZone
2008-06-04 12:35 . 2008-06-04 12:37 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\WarZone
2008-06-02 21:58 . 2008-06-02 21:58 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-06-02 20:55 . 2008-06-02 20:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-02 19:42 . 2008-06-02 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-02 19:39 . 2008-06-02 19:39 <DIR> d-------- C:\Program Files\Games
2008-06-02 19:36 . 2008-06-04 13:35 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 18:44 . 2008-06-02 19:12 <DIR> d-------- C:\Program Files\Risk
2008-06-02 18:44 . 2008-06-02 18:44 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\SpinTop
2008-06-02 17:36 . 2008-06-02 17:36 <DIR> d-------- C:\Documents and Settings\Amy Melsoner\Application Data\iWin
2008-05-18 22:33 . 2008-05-18 22:33 <DIR> d-------- C:\Program Files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-10 04:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 19:48 356,864 ----a-w C:\WINDOWS\Internet Logs\xDB468.tmp
2008-06-09 19:48 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB469.tmp
2008-06-08 23:18 349,696 ----a-w C:\WINDOWS\Internet Logs\xDB466.tmp
2008-06-08 23:18 163,840 ----a-w C:\WINDOWS\Internet Logs\xDB467.tmp
2008-06-05 17:02 304,128 ----a-w C:\WINDOWS\Internet Logs\xDB464.tmp
2008-06-05 17:02 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB465.tmp
2008-06-05 16:44 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB462.tmp
2008-06-05 16:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB463.tmp
2008-06-05 14:58 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB461.tmp
2008-06-05 14:56 292,352 ----a-w C:\WINDOWS\Internet Logs\xDB460.tmp
2008-06-05 14:22 --------- d-----w C:\Program Files\Lavasoft
2008-06-05 08:41 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Lavasoft
2008-06-05 08:27 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45F.tmp
2008-06-05 05:56 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45C.tmp
2008-06-05 05:55 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45E.tmp
2008-06-04 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:39 --------- d-----w C:\Program Files\Shockwave.com
2008-06-04 17:28 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45D.tmp
2008-06-04 00:35 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB45A.tmp
2008-06-02 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:29 --------- d-----w C:\Program Files\Starcraft
2008-05-28 14:07 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB45B.tmp
2008-05-26 00:34 --------- d-----w C:\Program Files\Google
2008-05-24 21:36 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB458.tmp
2008-05-23 21:16 --------- d-----w C:\Program Files\Java
2008-05-19 02:50 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 18:04 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB459.tmp
2008-05-13 06:02 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB456.tmp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 19:15 --------- d-----w C:\Documents and Settings\Amy Melsoner\Application Data\Nexon
2008-05-04 19:14 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-03 21:49 12,288 ----a-w C:\WINDOWS\Internet Logs\xDB457.tmp
2008-05-02 21:13 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB455.tmp
2008-05-02 21:13 211,456 ----a-w C:\WINDOWS\Internet Logs\xDB454.tmp
2008-05-01 09:05 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB452.tmp
2008-04-26 20:20 --------- d-----w C:\Program Files\Microsoft Works
2008-04-26 20:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-09 14:08 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB453.tmp
2008-04-04 12:50 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB450.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 12:49 11,776 ----a-w C:\WINDOWS\Internet Logs\xDB451.tmp
2008-03-12 22:58 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB44E.tmp
2005-08-06 22:19 46,525 ---ha-w C:\Documents and Settings\Amy Melsoner\Application Data\ptads.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_ 0.37.33.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 04:27:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 14:08:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 23:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2006-10-27 19:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-14 14:02:30 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-10 04:58:37 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-14 14:02:31 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-10 04:58:37 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 14:02:31 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-10 04:58:37 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 14:02:31 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-10 04:58:37 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 14:02:31 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-10 04:58:37 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 14:02:31 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-10 04:58:37 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-14 14:02:31 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-10 04:58:37 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 14:02:31 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-10 04:58:37 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-14 14:02:31 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-10 04:58:37 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 14:02:30 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-10 04:58:37 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2007-12-27 21:39:04 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-10 05:19:40 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-12-10 18:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-01-30 16:33 477696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 17:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2004-06-27 14:27:19 422984]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Yahoo! Games\\Risk II\\RiskII.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 20:16]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 lne100tx;Linksys LNE100TX Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\lne100tx.sys [2001-08-17 12:12]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-12-28 15:50]
S3 MusCVideo32;MusCVideo32;C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-12-28 15:50]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 23:59:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-12 0:02:39
ComboFix-quarantined-files.txt 2008-06-12 04:01:37
ComboFix2.txt 2008-06-11 03:24:15
ComboFix3.txt 2008-06-10 05:14:05
ComboFix4.txt 2008-06-10 04:39:17

Pre-Run: 47,873,056,768 bytes free
Post-Run: 47,881,084,928 bytes free

341 --- E O F --- 2008-06-11 14:02:24



























































Malwarebytes' Anti-Malware 1.17
Database version: 849

12:13:58 AM 6/12/2008
mbam-log-6-12-2008 (00-13-58).txt

Scan type: Quick Scan
Objects scanned: 36318
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)























































Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:56, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093604524421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140671374508
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7206 bytes

Edited by Kresh, 11 June 2008 - 10:12 PM.


#15 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 12 June 2008 - 07:02 AM

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users